[jira] [Commented] (PHOENIX-5374) Incorrect exception thrown in some cases when client does not have Exec permissions on SYSTEM:CATALOG

Wed, 26 Jun 2019 12:06:31 -0700 


    [ 
https://issues.apache.org/jira/browse/PHOENIX-5374?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16873592#comment-16873592
 ] 

Hadoop QA commented on PHOENIX-5374:
------------------------------------

{color:red}-1 overall{color}.  Here are the results of testing the latest 
attachment 
  
http://issues.apache.org/jira/secure/attachment/12972996/PHOENIX-5374-4.x-HBase-1.3.patch
  against 4.x-HBase-1.3 branch at commit 
33d6b3414078b1a429be056f271bfd0ac8c7f158.
  ATTACHMENT ID: 12972996

    {color:green}+1 @author{color}.  The patch does not contain any @author 
tags.

    {color:red}-1 tests included{color}.  The patch doesn't appear to include 
any new or modified tests.
                        Please justify why no new tests are needed for this 
patch.
                        Also please list what manual steps were performed to 
verify this patch.

    {color:red}-1 patch{color}.  The patch command could not apply the patch.

Console output: 
https://builds.apache.org/job/PreCommit-PHOENIX-Build/2706//console

This message is automatically generated.

> Incorrect exception thrown in some cases when client does not have Exec 
> permissions on SYSTEM:CATALOG
> -----------------------------------------------------------------------------------------------------
>
>                 Key: PHOENIX-5374
>                 URL: https://issues.apache.org/jira/browse/PHOENIX-5374
>             Project: Phoenix
>          Issue Type: Improvement
>            Reporter: Chinmay Kulkarni
>            Assignee: Chinmay Kulkarni
>            Priority: Major
>             Fix For: 5.1.0, 4.15.1
>
>         Attachments: PHOENIX-5374-4.x-HBase-1.3.patch, 
> PHOENIX-5374-master-v1.patch
>
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> Scenario:
> * Server and client-side namespace-mapping is enabled.
> * "hbase.security.exec.permission.checks" is true on the server. Thus, EXEC 
> permission checking will be performed during coprocessor endpoint 
> invocations. 
> * Client does not have EXEC permissions on SYSTEM:CATALOG
> * Client calls DriverManager.getConnection(..) and this fails with the 
> following exception:
> {noformat}
> java.sql.SQLException: ERROR 2006 (INT08): Incompatible jars detected between 
> client and server. Ensure that phoenix-[version]-server.jar is put on the 
> classpath of HBase in every region server: 
> org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient 
> permissions (user=unprivilegedUser_N000007, scope=SYSTEM:CATALOG, 
> params=[table=SYSTEM:CATALOG],action=EXEC)
>       at 
> org.apache.hadoop.hbase.security.access.AccessChecker.requirePermission(AccessChecker.java:281)
>       at 
> org.apache.hadoop.hbase.security.access.AccessController.requirePermission(AccessController.java:446)
>       at 
> org.apache.hadoop.hbase.security.access.AccessController.preEndpointInvocation(AccessController.java:2015)
>       at 
> org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost$64.call(RegionCoprocessorHost.java:1707)
>       at 
> org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost$64.call(RegionCoprocessorHost.java:1704)
>       at 
> org.apache.hadoop.hbase.coprocessor.CoprocessorHost$ObserverOperationWithResult.callObserver(CoprocessorHost.java:578)
>       at 
> org.apache.hadoop.hbase.coprocessor.CoprocessorHost.execOperation(CoprocessorHost.java:614)
>       at 
> org.apache.hadoop.hbase.coprocessor.CoprocessorHost.execOperationWithResult(CoprocessorHost.java:592)
>       at 
> org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost.preEndpointInvocation(RegionCoprocessorHost.java:1703)
>       at 
> org.apache.hadoop.hbase.regionserver.HRegion.execService(HRegion.java:8011)
>       at 
> org.apache.hadoop.hbase.regionserver.RSRpcServices.execServiceOnRegion(RSRpcServices.java:2409)
>       at 
> org.apache.hadoop.hbase.regionserver.RSRpcServices.execService(RSRpcServices.java:2391)
>       at 
> org.apache.hadoop.hbase.shaded.protobuf.generated.ClientProtos$ClientService$2.callBlockingMethod(ClientProtos.java:42010)
>       at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:409)
>       at org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:130)
>       at 
> org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:324)
>       at 
> org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:304)
> {noformat}
> The above is encountered as a result of a call to _getVersion_ from 
> _ConnectionQueryServicesImpl#checkClientServerCompatibility_, but can occur 
> from any place that we check client-server compatibility. 
> The exception bubbles up as an *INCOMPATIBLE_CLIENT_SERVER_JAR* exception, 
> which is wrong and also leads to misleading logs for clients.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to